Just a bit of advice re virus/malware and what i've done please.
clairibel
Posts: 3,657 Forumite
OK so this morning I was googling very innocently :D and clicked on a search result which was flagged as fine by AVG, you know, the green tick at the side.
Anyway everything then went mad after a "threat was blocked" box appeared and it shut down my firewall and kicked off AVG and was trying to install some other software.
So I managed to run Ad-Aware, which found lots of infections, but I couldn't get AVG back, so I removed the infections in Ad-Aware then did a system restore to a couple of days back. I didn't do it in safe mode as I didn't know I should till after, and now I am running AVG at the mo and it has so far found 5 trojans, SHeur3.spf, tpv.
Have I done the right thing? If not, have I made it worse? And where do I go from here to make sure I'm virus free please.
Also why does AVG say the website is OK when it is not, please, as this has happened before with AVG. Is there a better antivirus out there? I used to use Avast. :)
Thanks for any help.
Comments
An update: I have just done a Malwarebytes scan now and that found 15 infections to AVG's 7 infections.
Shall I do some more to check again? It's all confusing to me.
I wouldn't mind, I was only looking at bicarbonate of soda uses.
claribel
Run a full scan with the latest updated Malwarebytes and then post the log file here.
Make sure you delete anything Malwarebytes finds.
I have already done an updated scan and deleted everything, and just tried to follow the Bleeping Computer link advice... but it won't let me download hostsperm.bat, and it keeps sending my searches to eBay, Ask Jeeves and other search results when I click on the links I want, etc.
Here's my log from before, thanks.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4041
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/04/2010 10:02:39
mbam-log-2010-04-27 (10-02-39).txt
Scan type: Full scan (A:\|C:\|E:\|F:\|G:\|H:\|)
Objects scanned: 146446
Time elapsed: 23 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 35
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqyntsirak (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\New user\Local Settings\Temp\ieyih.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\PRAGMA28bc.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\rnoxweamcs.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\swmcxaoern.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\us.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\xcerwanmos.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F5B003C6-DDED-4ADF-B871-9C09E3166981}\RP419\A0063060.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F5B003C6-DDED-4ADF-B871-9C09E3166981}\RP419\A0063061.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F5B003C6-DDED-4ADF-B871-9C09E3166981}\RP421\A0063159.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqyntsirak\PRAGMAc.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqyntsirak\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pragmabbr.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pragmaserf.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00001742.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqyntsirak\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA57f9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\Rnz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\New user\Local Settings\Temp\0.12281886224720817.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
I have done a HijackThis log as well, just in case.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:39, on 27/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.arise.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://launcher.station.sony.com/weblauncher/plugin/1.0.3.84/SOEWebInstaller.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236021877468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236021869859
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - https://192.168.15.51/downloads/VMware-vdmclient.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ns.eu.arise.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {FA81D7A9-4BDC-47D1-AB01-DA0E72B4F412} (KbdFilter Class) - http://www.epathcampus.com/willow/SDG/bnpl09/activex/FlashHelper.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11056 bytes
AVG's 'safe search' is beyond useless
Personally I use FIREFOX with the NOSCRIPT plugin to prevent such problems
anyways ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your antivirus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file, RENAME it and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download.
AVG is rubbish. Just got back from my uncle's in London because he was having some issues with his computer: installing and Microsoft Office working OK, in particular Word. The problem was his control bar, e.g. the top inch of the screen missing. Anyway, I did update his AVG 8.5 and ran a full scan, everything A-OK according to AVG. Anyway, downloaded Malwarebytes, found a load of trojans, about 6 of them, and a bundle of other rubbish, cleared it all out and the machine is running OK.
Anyway, to answer the question of antivirus etc., I put him onto Kaspersky Internet Security, fairly idiot proof as he has not much clue when it comes to computers.
Got it from here for £15.99, 1 yr, 1 licence:
http://www.novatech.co.uk/novatech/prods/Software/Security/Kaspersky/KL1831UBCFS-MINSPLIT.html
TICK and FIX these in hijack ~
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - https://192.168.15.51/downloads/VMware-vdmclient.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ns.eu.arise.com/dana-cached/...erSetupSP1.cab
O16 - DPF: {FA81D7A9-4BDC-47D1-AB01-DA0E72B4F412} (KbdFilter Class) - http://www.epathcampus.com/willow/SD...lashHelper.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
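As an added example (not from this thread or from HijackThis itself), a small Python triage that applies the selection the reply above made to a HijackThis log, generalised slightly: O2/O3/O9/O20 entries whose registered file is missing, and O16 DPF entries that pull an ActiveX control from a raw IP address or from a host outside an operator-maintained trusted list. The TRUSTED_DPF_HOSTS set is an assumption for the example, and the sample lines are constructed for it by copying entries from the log posted earlier in the thread; the script surfaces entries for a human to look at, it does not decide that they are malicious.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Hosts whose ActiveX (O16 DPF) downloads the operator already trusts. This list is
# an assumption made for the example; a real triage would use the organisation's own.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com",
    "appldnld.apple.com.edgesuite.net",
    "esupport.epson-europe.com",
}

# Sections that register a component by path; a missing file means the registration
# is an orphan (left behind by a removal) and is what the reply above told the OP to fix.
PATH_SECTIONS = {"O2", "O3", "O9", "O20"}
DANGLING_MARKERS = ("(no file)", "(file missing)")

LINE_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")

# Constructed sample: entries copied from the HijackThis log posted in this thread,
# mixed with benign entries that the triage should leave alone.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    r"O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236021877468",
    r"O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - https://192.168.15.51/downloads/VMware-vdmclient.cab",
    r"O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)",
    r"O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe",
]


def _is_ip_literal(host):
    """True when the host part of a URL is a bare IPv4/IPv6 address."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line):
    """Return (section, reason) when a HijackThis line deserves a look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # process list, headers and other non-entry lines
    section, rest = m.group(1), m.group(2)
    if section in PATH_SECTIONS and rest.endswith(DANGLING_MARKERS):
        return (section, "orphaned entry: registered component has no file on disk")
    if section == "O16":
        # The download URL is the last " - " separated field of a DPF line.
        url = rest.rsplit(" - ", 1)[-1].strip()
        host = (urlparse(url).hostname or "").lower()
        if _is_ip_literal(host):
            return (section, f"ActiveX control fetched from a raw IP address: {host}")
        if host not in TRUSTED_DPF_HOSTS:
            return (section, f"ActiveX control fetched from an unlisted host: {host}")
    return None


def triage_log(lines):
    """Apply triage_line to every line; return [(line, section, reason), ...]."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            findings.append((line.strip(), hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for line, section, reason in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```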
OK will do, I'm just doing the ComboFix at the mo, thanks for the help.
ComboFix 10-04-26.05 - New user 27/04/2010 16:47:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1542 [GMT 1:00]
Running from: c:\documents and settings\New user\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\New user\Application Data\ACC8A3076BC3E6E611F9224F86A3D354
c:\documents and settings\New user\Application Data\ACC8A3076BC3E6E611F9224F86A3D354\enemies-names.txt
c:\documents and settings\New user\Application Data\ACC8A3076BC3E6E611F9224F86A3D354\lsrslt.ini
c:\documents and settings\New user\Local Settings\Application Data\ave.exe
c:\windows\system32\1730890489.dat
c:\windows\system32\PRAGMAsrcr.dat
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.
2010-04-27 12:45 . 2010-04-27 12:45 388096 ----a-r- c:\documents and settings\New user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 12:45 . 2010-04-27 12:45 -------- d-----w- c:\program files\Trend Micro
2010-04-27 09:20 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-27 09:20 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-27 09:20 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-27 09:20 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-27 09:20 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-27 09:20 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-27 09:20 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-27 09:20 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-27 09:20 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-27 09:20 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-27 09:20 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-27 09:20 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-27 08:36 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 08:36 . 2010-04-27 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 08:36 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 08:33 . 2010-04-27 08:33 -------- d-----w- c:\documents and settings\New user\Application Data\Yahoo!
2010-04-27 08:33 . 2010-04-27 11:31 -------- d-----w- c:\program files\Yahoo!
2010-04-27 08:02 . 2010-04-27 08:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-27 08:00 . 2010-04-27 08:00 -------- d-----w- c:\documents and settings\New user\Application Data\Windows Search
2010-04-27 07:23 . 2010-04-27 07:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-14 06:21 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-04-14 06:21 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-04-11 08:21 . 2010-04-11 08:21 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScanner.dll
2010-04-11 08:20 . 2010-04-11 08:20 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScannerBridge.dll
2010-04-11 08:14 . 2010-04-11 08:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-11 08:14 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 08:33 . 2010-03-18 20:20 -------- d-----w- c:\program files\CCleaner
2010-04-22 08:34 . 2009-03-10 10:00 48208 -c--a-w- c:\documents and settings\New user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 13:44 . 2009-11-15 15:09 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-11 13:44 . 2009-11-15 15:08 -------- d-----w- c:\program files\Nokia
2010-04-11 08:21 . 2009-11-23 11:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-11 08:21 . 2009-11-23 11:30 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2010-04-11 08:21 . 2009-06-27 06:35 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-04-11 08:19 . 2009-06-27 06:35 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2010-04-11 08:19 . 2009-06-27 06:35 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-04-11 08:19 . 2009-06-27 06:35 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2010-04-11 08:19 . 2009-06-27 06:35 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2010-04-11 08:14 . 2009-06-27 06:33 -------- d-----w- c:\program files\Lavasoft
2010-04-05 19:03 . 2009-12-12 15:34 -------- d-----w- c:\documents and settings\New user\Application Data\Spotify
2010-03-26 14:41 . 2009-11-14 20:53 -------- d-----w- c:\program files\bfgclient
2010-03-26 14:41 . 2010-03-26 14:40 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-03-26 14:40 . 2009-11-14 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-03-19 15:48 . 2009-02-24 14:07 -------- d-----w- c:\program files\Realtek
2010-03-17 11:53 . 2009-03-09 10:53 -------- d-----w- c:\program files\AVG
2010-03-15 18:57 . 2010-03-15 18:57 -------- d-----w- c:\documents and settings\New user\Application Data\DownloadFileAIR.6903B6C272B33607D14416197B3950F158CA468A.1
2010-03-15 18:57 . 2010-03-15 18:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-15 18:57 . 2010-03-15 18:57 38784 ----a-w- c:\documents and settings\New user\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-15 18:57 . 2010-03-15 18:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-13 05:53 . 2010-03-19 15:48 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-13 05:53 . 2009-09-21 13:36 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-13 05:53 . 2009-09-21 13:35 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-13 05:53 . 2010-03-19 15:48 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-13 05:53 . 2009-09-21 13:35 19521056 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-13 05:53 . 2010-03-19 15:48 358944 ----a-w- c:\windows\vncutil.exe
2010-03-13 05:53 . 2009-09-21 13:36 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-13 05:53 . 2009-09-21 13:36 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-13 05:53 . 2009-09-21 13:35 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-13 05:53 . 2009-09-21 13:35 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-13 05:53 . 2009-09-21 13:35 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-13 05:41 . 2009-09-21 13:35 5867040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-11 10:06 . 2010-03-10 17:50 -------- d-----w- c:\documents and settings\New user\Application Data\SumatraPDF
2010-03-10 17:50 . 2010-03-10 17:50 -------- d-----w- c:\program files\SumatraPDF
2010-03-10 17:32 . 2009-09-26 06:35 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-03-10 16:37 . 2009-03-02 15:03 -------- d-----w- c:\program files\Google
2010-03-10 16:06 . 2009-02-24 14:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 11:05 . 2010-03-10 11:05 -------- d-----w- c:\program files\Sky Broadband
2010-03-10 06:15 . 2007-07-30 08:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 13:26 . 2010-03-09 13:23 -------- d-----w- c:\documents and settings\New user\Application Data\Tatara Systems
2010-03-09 13:23 . 2010-03-09 13:23 -------- d-----w- c:\program files\O2CM-CE
2010-03-09 13:23 . 2010-03-09 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\O2CM-CE
2010-02-26 11:20 . 2009-09-21 13:35 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-25 06:24 . 2007-07-30 08:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-07-30 08:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2007-07-30 08:41 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-07-19 12:40 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2007-07-30 08:40 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2007-07-30 08:42 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2009-06-27 06:35 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\bigfishgames_p67073194_s1_l1[1].exe
2010-02-03 21:19 . 2010-02-03 21:19 3028800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-11 818256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-30 413696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-10 122880]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-13 19521056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\New user\\taw\\winvnc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27/06/2009 07:35 64288]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26/02/2009 20:46 13696]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1265264]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [24/02/2009 15:00 598856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2010 17:37 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/03/2010 16:48 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\d:\everest ultimate edition\kerneld.wnt --> d:\everest ultimate edition\kerneld.wnt [?]
.
Contents of the 'Scheduled Tasks' folder
2010-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 08:19]
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 16:37]
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 16:37]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: arise.com
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://192.168.15.51/downloads/VMware-vdmclient.cab
DPF: {FA81D7A9-4BDC-47D1-AB01-DA0E72B4F412} - hxxp://www.epathcampus.com/willow/SDG/bnpl09/activex/FlashHelper.cab
FF - ProfilePath - c:\documents and settings\New user\Application Data\Mozilla\Firefox\Profiles\j3mtgf8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 16:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\everest ultimate edition\kerneld.wnt"
.
Completion time: 2010-04-27 16:53:08
ComboFix-quarantined-files.txt 2010-04-27 15:53
Pre-Run: 142,434,234,368 bytes free
Post-Run: 142,486,736,896 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A70AF0D49341DE39DBBA50E79082795E0 -
>> Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
>> Restored copy from - Kitty had a snack
Made me laugh
(sorry nowt useful to add!)
This discussion has been closed.